author | André Fabian Silva Delgado <emulatorman@parabola.nu> | 2014-05-26 12:57:54 -0300 |
---|---|---|
committer | André Fabian Silva Delgado <emulatorman@parabola.nu> | 2014-05-26 12:57:54 -0300 |
commit | 9c76e361e991b9281e07f94863fd5058561a38ea (patch) | |
tree | 15e5cf8b915198439359b80ff746dd31a842e520 /libre/linux-libre-grsec/sysctl.conf | |
parent | 2bb95a60b721de207bc2d5db4eb2905aa93f1bc0 (diff) |
linux-libre-grsec-3.14.4.201405252047-1: updating version
* add optional dependencies on gradm and paxd
* enable rwxmap_logging by default (this logging feature never has any false positives; it indicates that PAX_MPROTECT denied an `mprotect` call)
* update the sysctl configuration file to mention paxd
Diffstat (limited to 'libre/linux-libre-grsec/sysctl.conf')
-rw-r--r-- | libre/linux-libre-grsec/sysctl.conf | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/libre/linux-libre-grsec/sysctl.conf b/libre/linux-libre-grsec/sysctl.conf
index a1af2c48e..bef8e350d 100644
--- a/libre/linux-libre-grsec/sysctl.conf
+++ b/libre/linux-libre-grsec/sysctl.conf
@@ -1,11 +1,13 @@
-# All features in the kernel.grsecurity namespace are disabled by default.
+# All features in the kernel.grsecurity namespace are disabled by default in
+# the kernel and must be enabled here.
 #
-# Disable PaX enforcement by default, due to lacking integration with packages.
+# Disable PaX enforcement by default.
 #
-# This is considered a major flaw in this package and will be corrected in the
-# future. Many binaries need to be flagged as requiring an exception from the
-# PaX rules.
+# The `paxd` package sets softmode back to 0 in a configuration file loaded
+# after this one. It automatically handles setting exceptions from the PaX
+# exploit mitigations after Pacman operations. Altering the setting here rather
+# than using `paxd` is not recommended.
 #
 kernel.pax.softmode = 1
@@ -77,7 +79,7 @@ kernel.grsecurity.audit_gid = 201
 #kernel.grsecurity.signal_logging = 1
 #kernel.grsecurity.forkfail_logging = 1
 #kernel.grsecurity.timechange_logging = 1
-#kernel.grsecurity.rwxmap_logging = 1
+kernel.grsecurity.rwxmap_logging = 1
 #
 # Executable protections |
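Review bot: The rewritten header in the first hunk keeps `kernel.pax.softmode = 1` as the shipped default and relies on `paxd` to set it back to 0, but the commit message lists paxd only as an optional dependency. An install without paxd therefore stays in soft mode, and the file never says so. I would add a line to the comment such as `# Without paxd installed, softmode stays at 1 and PaX enforcement remains disabled.` The statement that paxd's file is "loaded after this one" presumably depends on file-name ordering of the sysctl configuration files, which this hunk does not show; naming that file in the comment would let an administrator verify the effective value.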
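Review bot: In the second hunk `kernel.grsecurity.rwxmap_logging = 1` becomes the only uncommented logging sysctl among the visible lines, and its rationale exists only in the commit message. A one-line comment above it, e.g. `# Logs mprotect calls denied by PAX_MPROTECT; no false positives, so enabled by default.`, would keep the reason next to the setting. Because the first hunk leaves softmode at 1, these entries will presumably appear only once PaX is actually enforcing (for example after paxd clears softmode). That is worth stating, so that an empty log on a soft-mode system is not read as the absence of RWX mapping attempts.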